SlideShare a Scribd company logo

Hitcon badge 2018

Alan Lee
Alan Lee

Hitcon badge 2018

Devices & Hardware
1 of 79
Download to read offline
Hitcon Badge 2018 MEDIATEK 黃偉峻 MEDIATEK 李倫銓 1
Guidline • Hardware overview • Subsystems • ETH Transaction • HD Wallet - BIP32,39,44 • Secure Element with Wallet • Manufacture • Documents 2
Hitcon Badge 2018 3
MT7697 WiFi/BLE Soc SLE97 2.13” e-Paper Button Array CP2102N USB to UART 3V to 3.3V Step-up 5V to 3.3V LDO PN532 NFC controller SPI bus I2C bus Interrupt Analog UART USB 5V 3.3V 3.3V Special buttons Digital Hardware Diagram 4
MT7697 • 192 MHz Cortex-M4F • WiFi 802.11b/g/n & BLE SoC • 352KB Ram / External SPI flash • 64KB Bootloader Rom • UART/SPI/I2C • Crypto-engine 5
Linkit 7697 • Arduino Support • Wrtnode’s module with 4MB Flash • MTK Official Support Platform • With Auto-Switch to load Firmware • Arduino IDE Setup: https://docs.labs.mediatek.com/resour ce/linkit7697- arduino/en/environment-setup/setup- arduino-ide 6
Hitcon Badge‘s Arduino Package 官方的版本有幾個狀況需要修改,所以直接Fork一版出來 Package:https://raw.githubusercontent.com/will127534/HITCON-Badge- 2018/master/Software/Arduino_packages/package_hitcon_badge_index.json 修正改的內容: 1.RTOS Tickless Sleep 移除了,多虧Android的Active Scanning 2.BLE MTU Size 3.Analog Read和Sleep的Bug 4.關閉Wifi 5.加入Secure Element+電子紙的Library 7
Waveshare 2.13” Black and White e-paper • GDE0213B1 - Support Partial Update – takes only 0.2s 8
PN532 – NFC controller • Not used, 時間來不及 • 天線形狀比較特殊,電路需要 調整阻抗匹配 NFC 天線! 9
Simulated Real 10
PN532 – NFC controller 11
Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 12
Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 13.4K 歐姆 13
Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 11.4K 歐姆 14
Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 9.4K 歐姆 15
Button Array • 需要精確的電壓和電阻 • 但是Badge上面有兩個供電,電壓升壓和USB降壓 ➔透過使用者一定會按到的按鈕自動校正電壓 Button ENTER + Button 6, 這兩個按下去之後會校正輸入的電壓 16
Misc. • 多數Interface都是以1K或者0歐姆電阻串接,方便斷開 17
Misc. • 正面的Power LED燈預設斷路以減少耗電量 • USB 轉 UART 和其他供電有做隔離,避免CP2102N消耗電池 • Battery有做防反接的保護 18
Secure Element • SLE97 – From Infineon, Software from IKV • ARM® SecurCore™ SC300™ • Crypto processor • ISO 7816 interface • SPI interface CC EAL5+ high ! 19
Hitcon Badge 2018 Hardware overview NFC 天線 電子紙 Button Array Battery Switch NFC EPD MT7697 Module Secure Element 20
Wallet – Cryptocurrency Hash Sign Transaction Data Transaction Hash Transaction Signature 21
Wallet – Cryptocurrency: BTC • 對比特幣來說,每一筆交易 完成後,餘額會匯到新的錢 包 錢包需要管理一堆Private Key ➔Private Key 管理問題 Solution: Deterministic Wallet 50 BTC 10 BTC 40 BTC 交易 A A B 22
HD Wallet – BIP32,39,44 Overview Root Seed Mnemonic Code HMAC-SHA512 Right 256bit Master Chain Code Left 256bit Private Key m Child Key m/0 Child ID Child Chain code ……. Child Key m/2 Child ID Child Chain code Child Key m/1 Child ID Child Chain code Grandchildren Keys m/0/0~2^32 Grandchildren Keys m/1/0~2^32 Grandchildren Keys m/2/0~2^32 BIP39 BIP32 BIP44 ……. 23
Child key derivation Parent Private or Public Key HMAC-SHA512 Left 256bits Right 256bitsParent Chain Code index number Child Private Key Child Chain Code Key Data https://github.com/bitcoin/bips/blob/master/bip- 0032.mediawiki Hardened 24
BIP39 - Mnemonic Code • 由於Root Seed 不方便人類抄寫,所以透過2048個字的組合定義一 個Coding 方式 • 2048個字➔ 每個字代表11byte Word List: Abandon 0x01 Ability 0x02 Able 0x03 About 0x04 . . . https://github.com/bitcoin/bips/blob/master/bip- 0039.mediawiki Root Seed (128~256bit multiple of 32bit) ……. 11bit 11bit 11bit 11bit ……. Mnemonic Words First Seed Length/32 bit of SHA256(Root Seed) 25
BIP39 - Mnemonic Code https://github.com/bitcoin/bips/blob/master/bip- 0039.mediawiki Root Seed Length Checksum Length Total Length Word Length 128 Bits 4 Bits 132 Bits 12 Words 160 Bits 5 Bits 165 Bits 15 Words 192 Bits 6 Bits 198 Bits 18 Words 224 Bits 7 Bits 231 Bits 21 Words 256 Bits 8 Bits 264 Bits 24 Words Badge預設值 26
BIP 44 – Meaningful structure m / purpose' / coin_type' / account' / change / address_index • Purpose ➔ 固定 44’ • Coin type • Bitcoin ➔ 0’ • Eth ➔ 60’ • Account • Change • 0 for External chain ➔收款/付款用 • 1 for internal chain ➔ 內部處裡用 • Address index • Badge預設: m/44’/60’/0’/0/0 Tool:https://coinomi.com/recovery-phrase-tool.html 27
BIP 44 – Meaningful structure m / purpose' / coin_type' / account' / change / address_index • Purpose ➔ 固定 44’ • Coin type • Bitcoin ➔ 0’ • Eth ➔ 60’ • Account • Change • 0 for External chain • 1 for internal chain • Address index • Badge預設: m/44’/60’/0’/0/0 Tool:https://coinomi.com/recovery-phrase-tool.html Hardened key 28
乙太幣交易 • To Who • 交易對方的Address • 20byte • How much • 金額 單位為wei • Uint256_t • Gas Price • 手續費 單位為wei • Uint256_t • Gas Limit • 運算數量 • Uint256_t • Nonce • 交易筆數 • Data RLP encoder keccak256 Secp256k1 橢圓曲線 Transaction Data Transaction Hash Transaction Signature Recursive Length Prefix Encoder for variable length binary data 29
乙太幣交易 • To Who • 交易對方的Address • 20byte • How much • 金額 單位為wei • Uint256_t • Gas Price • 手續費 單位為wei • Uint256_t • Gas Limit • 運算數量 • Uint256_t • Nonce • 交易筆數 • Data • Transaction Signature RLP encoder Broadcast Transaction data https://steemit.com/ethereum/@n-ur/behind-the-scene-on- how-myetherwallet-works-simple-illustration 30
Smart Contract : Program on ETH • Smart Contract: 類似一種部屬在乙太幣網路的一段程式碼 • 藉由交易來傳遞/運算資料 • 一旦交易的對象是Smart Contract,Data會傳遞到對應的程式執行 31
ERC20 – define Interface (Application Binary Interface) • TotalSupply • BalanceOf (address _owner) • transfer(address _to, uint256 _value) • transferFrom(address _from, address _to, uint256 _value) • approve(address _spender, uint256 _value) • allowance (address *_owner*, address *_spender*) 32
• Contract Address • How much meaning less • Gas Price • Gas Limit • Nonce • Data 怎麼交易ERC20? • 對於錢包來說,ERC20只是帶有Data的交易 • 能夠塞Data就代表能支援ERC20,只是不一定有辦法顯示相對應 的交易資料 • To Who • How much • Gas Price • Gas Limit • Nonce • Data • Contract Method • Contract Data 33
ERC20 Data format • Contract Method – 4 Byte ➔ Hashed Application Binary Interface • Contract Data – Depend on function • EX: transfer(address _to, uint256 _value) 4 Byte 32 Byte 32 Byte Data 34Detail: https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI
ERC20 Data format • Example: 要轉 1 個 Hitcon Token給我的話 • transfer(0x4bf5193805a4fd033b84b5bb700bf2a2aaae6a7d, 0xDE0B6B3A7640000) • “transfer(address,uint256)” ➔SHA3➔ a9059cbb2ab09eb219583f4a59a5d0623ade346d962bcd4e46b11da047c9049b • Address ➔ Append to 32Bytes 0x0000000000000000000000004bf5193805a4fd033b84b5bb700bf2a2aaae6a7d • Value ➔ Append to 32Bytes 0x000000000000000000000000000000000000000000000000de0b6b3a7640000 ➔Data:0xa9059cbb0000000000000000000000004bf5193805a4fd033b84b5bb700bf 2a2aaae6a7d0000000000000000000000000000000000000000000000000de0b6b3a 7640000 35
Secure Element – Why? 雖然錢包可以透過軟體實作,但是容易造成Master Key被偷 ➔冷錢包,透過一個專門的硬體去存放/使用Master Key • 但是即使是冷錢包,實作方式主要分成兩類 • MCU Ex:TREZOR • Secure Element + MCU Ex:Ledger Wallet 36
Secure Element – Why? TREZOR ➔ 透過MCU實作 通常絕大多數的MCU都難以抵抗Side-channel攻擊,所以較為容 易被破解 Ex: https://jochen-hoenicke.de/trezor-power-analysis/ P.S 已經Fix了 37
Secure Element – Why? https://jochen-hoenicke.de/trezor-power-analysis/ 38
Secure Element – Why? 而Secure Element最主要的目的就在於如何防止 Side-channel IC廠商會加上不同的Anti-tampering方法 常見於信用卡/SIM卡等晶片上 39
Secure Element - Usage SPI Driver Secure Element Driver Wallet Application Transaction Application RLP encoder + keccak256 Init Wallet/Create Account/… ADPU cmd process MT7697 SPI Driver Software SPI Driver 40
Secure Element - State Init No Host Disconnect Normal Perso Perso? Bind Reg BackToNoHost -with pin code Bind Login BackToInit – with Vender Key Bind Logout InitDevInfo 41
Host Registration Host SE BindRegInit (UUID, Description, HASH) Handle, (OTP) Get UUID of the Host BindRegChlng (Handle) Challenge Calculate devKey from UUID & OTP Calculate Response of Challenge by devKey BindRegFinish (Handle, Response) HostId, Confirm Status Verify Response Store Host if Passed 42
Host Login Host SE Get UUID and OTP from storage BindLoginChlng (HostId) Challenge Calculate devKey from UUID & OTP Calculate Response of Challenge by devKey Bind Login (HostId, Response) Status Words, 0x9000 if success Verify Response 43
Device Key (devKey) Derivation UUID of Host 32 bytes OTP from SE 6 bytes SHA256 devKey 32 bytes 44
Challenge and Response Response of Host 16 bytes Challenge from SE 16 bytes AES256 devKey 32 bytes ECB mode, Non-Padding 45
Encrypt Key and MAC Key • Encryption Key • Used for Data Encryption after Login • Mac Key • Used for Data HMAC-SHA256 Device Key 32 bytes “ENC” 3 bytes SHA256 Encryption Key 32 bytes “MAC” 3 bytes SHA256 Mac Key 32 bytes https://en.wikipedia.org/wiki/Hash-based_message_authentication_code Login Challenge 16 bytes Device Key 32 bytes Login Challenge 16 bytes 46
HDW Management • Secure Element Handles BIP32 Path • m/BIP44/coin/Account/Change/Address • Badge預設: m/44'/60'/0'/0/0 • Secure Element Holds up to 5 accounts • External Address Pointer of each account (update to 2128 addresses) • Internal Address Pointer of each account (update to 2128 addresses) 47
Cmd line Management • QueryAccountKey: Query Public Key for a specific Account/Key_ID Usage: QueryAccountKey [account] [key_id] • CreateAccount: Create a New Account for a specific cointype/account_id Usage: CreateAccount [cointype] [account_id] [Name] • QueryAccountInfo: Query a specific Account Info Usage: QueryAccountInfo [account_id] • CreateNextAddr: Generate a new key for a Specific Account Usage: CreateNextAddr [account_id] • Account ID:0~4 48
Cmd line Management • SEState: Query Secure Element State • BindReg: Bind Register • BindLogin: Bind Login • BindLogout: Bind Logout • BackToNoHost: Back to NoHost state • BackToInit: Back to Init State • InitDevInfo: InitDeviceInfo and confirm • PINAuth: Auth Pin Code • InitWallet: Initialize Wallet from Mnemonic Words • QueryWalletInfo: Query Wallet Info • QueryAllAccount: Query All Account Info • QueryAccountKey: Query Public Key for a specific Account/Key_ID • CreateAccount: Create a New Account for a specific cointype/account_id • QueryAccountInfo: Query a specific Account Info • CreateNextAddr: Generate a new key for a Specific Account • Transaction: Generate a new Raw Transaction • Misc. • Voltage: Read Battery Voltage • ReinitBLE: Re-init BLE • AddVcard: Adding a Vcard • ResetHitconTokenDisplay: Reset Hitcon Token counter 49
Cmd line Usage • USB to UART IC: CP2102N • Driver: Linux & Windows & Mac https://www.silabs.com/products/development-tools/software/usb-to- uart-bridge-vcp-drivers • Mac OSX 10.11 up: Apple Blocked kernel extension. • https://stackoverflow.com/questions/47109036/cp2102-device-is-not-listed-in- dev-on-macos-10-13 (Note: Answer 2) • Setting:115200 8N1 50
Cmd line Usage 51
HDW Management • Account Purpose: 2C 00 00 00 ➔ 44 • Account Cointype: 3C 00 00 00 ➔ 60 • Little endian 52
HDW Management Tool:https://coinomi.com/recovery-phrase-tool.html 53
Badge initialize + re-generate wallet Enter No-Host State First time initialize Bind Register Enter Discon. Back To Init & Init Bind Login, Set Pin Code and enter Normal State Generate/ Input Master Key Initialize Master Key Initialize Account m/44’/60’/0’ Initialize address index 0 Read Public Key of address index 0 User Request for re-generate 54
Secure Element - State Init No Host Disconnect Normal Perso Perso? Bind Reg BackToNoHost -with pin code Bind Login BackToInit – with Vender Key Bind Logout InitDevInfo 55
Badge startup wallet Read Status Reg Bind Login Calc ETH Address Read Public Key of m/44’/60’/0 /0/0 0x06 0x07 other Init Wallet Read Version If bootloader mode, jump 56
Wallet Address BLE AES Key QR-Code 格式: Hitcon://pair?v=版本數 &a=錢包Address &k=AES Key &s=ServiceUUID &c=Characteristic前四個Byte[6] 初始化的時候, Badge會將生成好的Public Address和BLE Key打包成一 個網址顯示在QR Code上面 BLE 各charastic UUID前4byte Example: hitcon://pair? v=18& a=808c2257d778e5f1340d9325116f5a7273b33f5d& k=09626aa096254e8a8ce871bfd7b8895c& s=1cbfbb33-ffc7-c966-77f9-311c6ba9e425& c=26ccce12e2c66a0b72c50cca509dbfc1275074f57e7c5668 BLE Service UUID Hitcon Badge 2018 – BLE Initialize + Re-paring 57
為了避免濫發交易訊息,UUID是綁定時隨機產生的 QR Code會寫Characteristic UUID的前4個Byte,後面的UUID與Service相同 QR code的Characteristic順序如下: Hitcon Badge 2018 – BLE UUIDs Transaction, Txn, AddERC20, Balance, General Purpose Cmd, General Purpose Data 58 EX: [init_BLE] LFLASH_Saved_UUID: ServiceUUID: 8b15cb6c-0dfd-553a-9302-3cdcded12f56 Transaction_UUID: bbf16eb7-0dfd-553a-9302-3cdcded12f56 Txn_UUID: d754e76e-0dfd-553a-9302-3cdcded12f56 AddERC20_UUID: 448821bb-0dfd-553a-9302-3cdcded12f56 Balance_UUID: 19aceb1f-0dfd-553a-9302-3cdcded12f56 General_CMD_UUID: 8a2c0cd1-0dfd-553a-9302-3cdcded12f56 General_Data_UUID: 4ff47ce6-0dfd-553a-9302-3cdcded12f56
QR-Code generate User Request for Re-paring or First time config Reset Wait for connection Main Menu MT7697沒辦法 on-flight 修改BLE, 所以必須Reset一次 Hitcon Badge 2018 – BLE Initialize + Re-paring 59
AES encryption + Encoding Raw Data AES encryption 16Byte Random IV Encrypted Data Encrypted Data 16Byte Random IV Payload Append to 128 Byte Encoding Format: Header1(uint8_t) length1(uint8_t) Data1[len] Header2(uint8_t) length2(uint8_t) Data2[len] Header3(uint8_t) length3(uint8_t) Data3[len] 60
Transaction 1.To Address 2.Value 3.Gas Price 4.Gas limit 5.Noice 6.Data AES encryption + Encode Write to Transaction Characteristic Badge notify Txn Gatt 61 ERC20的Data帶進去 Badge會Parsing這部 分的Data顯示出來
Update Balance or ERC20 Balance Value Write to Balance Characteristic 1.Address 2.Value Encoding Format: 0x01 0x14 ADDRESS 0x02 0x08 Value(Double) AES encryption + Encode 62 Badge 並不會知道Balance是否正確!
Apple, Why…. 63 6/12 Update 感謝@CW Cai支援
Prototypes 64
靈感來源 Hacker Warehouse Electronic Badge https://hackerwarehouse.com/product/hacker-warehouse- electronic-badge/ https://wiki.sha2017.org/w/Projects:Badge SHACamp 2017 badge 65
Prototypes 66
後記 - Prototypes 67
後記 – 生產線 68
後記 – 生產線 69
後記 – 生產線 70
後記 – 生產線 71
後記 – 生產線 72
後記 – 生產線 73
後記 – 生產線 74
後記 – 生產線- Team Work 75
後記 – 生產線- Team Work 76
後記 – 生產線- Team Work 77
感謝廠商 78 www.ikv-tech.com 銓安智慧科技 邁特電子 www.might.com.tw
資料 • Hardware 和 Badge Software 都是 Open-Sourced • Github: https://github.com/will127534/HITCON-Badge-2018/ • Android: https://github.com/johnny5581/HitconWalletJava • Big Thanks to @Nagi @WizTonE @Aaron Luo for the Android App • Hitcon Badge 2018 Arduino Boards support package: https://raw.githubusercontent.com/will127534/HITCON-Badge- 2018/master/Software/Arduino_packages/package_hitcon_badge_ind ex.json • Linkit 7697: https://labs.mediatek.com/zh-tw/chipset/MT7697 79

Recommended

Understanding hd wallets design and implementation
Understanding hd wallets design and implementationUnderstanding hd wallets design and implementation
Understanding hd wallets design and implementationArcBlock
 
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703Nevruz Mesut Sahin
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF... InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...Bishop Fox
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
Crypography in c#
Crypography in c#Crypography in c#
Crypography in c#Manu Cohen-Yashar
 
Protect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreProtect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreStephane Carrez
 

Recommended

Understanding hd wallets design and implementation
Understanding hd wallets design and implementationUnderstanding hd wallets design and implementation
Understanding hd wallets design and implementationArcBlock
 
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703Nevruz Mesut Sahin
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF... InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...Bishop Fox
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
Crypography in c#
Crypography in c#Crypography in c#
Crypography in c#Manu Cohen-Yashar
 
Protect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreProtect Sensitive Data with Ada Keystore
Protect Sensitive Data with Ada KeystoreStephane Carrez
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract DeathsBlockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract DeathsPriyanka Aash
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 
Bitcoin developer guide
Bitcoin developer guideBitcoin developer guide
Bitcoin developer guide承翰 蔡
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6Jesse Burke
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletNemanja Nikodijević
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...Dace Barone
 
EthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptxEthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptxWijdenBenothmen1
 
Bitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysBitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysShun Shiku
 
Bitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodBitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodGalin Dinkov
 
Blockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentationBlockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentationPaperchain
 
Common Browser Hijacking Methods
Common Browser Hijacking MethodsCommon Browser Hijacking Methods
Common Browser Hijacking MethodsDavid Barroso
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by BlockchainSlash
 
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...IRJET Journal
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeHorea Porutiu
 
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)Nicholas Lin
 
Martin Novotny and Timo Kasper
Martin Novotny and Timo KasperMartin Novotny and Timo Kasper
Martin Novotny and Timo KasperInformation Security Awareness Group
 

More Related Content

What's hot

Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract DeathsBlockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract DeathsPriyanka Aash
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 

What's hot (6)

Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explained
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019
 
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract DeathsBlockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
 

Similar to Hitcon badge 2018

Bitcoin developer guide
Bitcoin developer guideBitcoin developer guide
Bitcoin developer guide承翰 蔡
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6Jesse Burke
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletNemanja Nikodijević
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...Dace Barone
 
EthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptxEthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptxWijdenBenothmen1
 
Bitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysBitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysShun Shiku
 
Bitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodBitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodGalin Dinkov
 
Blockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentationBlockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentationPaperchain
 
Common Browser Hijacking Methods
Common Browser Hijacking MethodsCommon Browser Hijacking Methods
Common Browser Hijacking MethodsDavid Barroso
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by BlockchainSlash
 
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...IRJET Journal
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeHorea Porutiu
 
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)Nicholas Lin
 
Lity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract LanguageLity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract Languagehydai
 
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...Paperchain
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Qais Ammari
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestAlberto Gomez Toribio
 

Similar to Hitcon badge 2018 (20)

Bitcoin developer guide
Bitcoin developer guideBitcoin developer guide
Bitcoin developer guide
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite
 
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
 
EthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptxEthereumBlockchainMarch3 (1).pptx
EthereumBlockchainMarch3 (1).pptx
 
Bitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysBitcoin Wallet &amp Keys
Bitcoin Wallet &amp Keys
 
Bitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodBitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the Hood
 
Blockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentationBlockchain, cryptography and tokens — NYC Bar presentation
Blockchain, cryptography and tokens — NYC Bar presentation
 
Common Browser Hijacking Methods
Common Browser Hijacking MethodsCommon Browser Hijacking Methods
Common Browser Hijacking Methods
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by Blockchain
 
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
IRJET- Design and Implementation of 256-Bits Cryptography Algorithm used in t...
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
 
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
 
Martin Novotny and Timo Kasper
Martin Novotny and Timo KasperMartin Novotny and Timo Kasper
Martin Novotny and Timo Kasper
 
Lity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract LanguageLity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract Language
 
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...
201803 Blockchains, Cryptocurrencies & Tokens - NYC Bar Association Presentat...
 
Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)Blockchain explained (Technology running Bitcoin)
Blockchain explained (Technology running Bitcoin)
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfest
 

More from Alan Lee

從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題
從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題
從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題Alan Lee
 
Hitcon13 badge challenges
Hitcon13 badge challengesHitcon13 badge challenges
Hitcon13 badge challengesAlan Lee
 
雲端分散架構的駭客事件與安全問題
雲端分散架構的駭客事件與安全問題雲端分散架構的駭客事件與安全問題
雲端分散架構的駭客事件與安全問題Alan Lee
 
HITCON駭客戰隊與CTF經驗分享
HITCON駭客戰隊與CTF經驗分享HITCON駭客戰隊與CTF經驗分享
HITCON駭客戰隊與CTF經驗分享Alan Lee
 
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)Alan Lee
 
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果Alan Lee
 
CloudSEC 2015 Keynote 失衡的數位軍火發展
CloudSEC 2015 Keynote 失衡的數位軍火發展CloudSEC 2015 Keynote 失衡的數位軍火發展
CloudSEC 2015 Keynote 失衡的數位軍火發展Alan Lee
 
2015 hitcon ctf 1-2月計畫與展望
2015 hitcon ctf 1-2月計畫與展望2015 hitcon ctf 1-2月計畫與展望
2015 hitcon ctf 1-2月計畫與展望Alan Lee
 
Discovering botnets from dns traffic using map reduce 5.pptx
Discovering botnets from dns traffic using map reduce 5.pptxDiscovering botnets from dns traffic using map reduce 5.pptx
Discovering botnets from dns traffic using map reduce 5.pptxAlan Lee
 

More from Alan Lee (9)

從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題
從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題
從 Facebook 事件內幕 談大 AI 時代下的雲端資料授權安全問題
 
Hitcon13 badge challenges
Hitcon13 badge challengesHitcon13 badge challenges
Hitcon13 badge challenges
 
雲端分散架構的駭客事件與安全問題
雲端分散架構的駭客事件與安全問題雲端分散架構的駭客事件與安全問題
雲端分散架構的駭客事件與安全問題
 
HITCON駭客戰隊與CTF經驗分享
HITCON駭客戰隊與CTF經驗分享HITCON駭客戰隊與CTF經驗分享
HITCON駭客戰隊與CTF經驗分享
 
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)
從 HITCON 駭客戰隊 挑戰美國CGC天網機器人探討自動攻防技術發展 (Autonomous Hacking and Patching)
 
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果
如何利用 MTK Linkit Smart 7688 設計出超炫的 HITCON CTF 決賽戰場燈控效果
 
CloudSEC 2015 Keynote 失衡的數位軍火發展
CloudSEC 2015 Keynote 失衡的數位軍火發展CloudSEC 2015 Keynote 失衡的數位軍火發展
CloudSEC 2015 Keynote 失衡的數位軍火發展
 
2015 hitcon ctf 1-2月計畫與展望
2015 hitcon ctf 1-2月計畫與展望2015 hitcon ctf 1-2月計畫與展望
2015 hitcon ctf 1-2月計畫與展望
 
Discovering botnets from dns traffic using map reduce 5.pptx
Discovering botnets from dns traffic using map reduce 5.pptxDiscovering botnets from dns traffic using map reduce 5.pptx
Discovering botnets from dns traffic using map reduce 5.pptx
 

Recently uploaded

Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...amilabibi1
 
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...ttt fff
 
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesVip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
the cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxthe cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxLeaMaePahinagGarciaV
 
萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程1k98h0e1
 
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degreeyuu sss
 
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证gwhohjj
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...Amil Baba Dawood bangali
 
RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作f3774p8b
 
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree z zzz
 
Hifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightHifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightKomal Khan
 
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...Amil baba
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...Amil Baba Dawood bangali
 
(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一C SSS
 
existing product research b2 Sunderland Culture
existing product research b2 Sunderland Cultureexisting product research b2 Sunderland Culture
existing product research b2 Sunderland CultureChloeMeadows1
 
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degreeyuu sss
 
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作f3774p8b
 
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degreeyuu sss
 

Recently uploaded (20)

Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
 
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...
毕业文凭制作#回国入职#diploma#degree美国威斯康星大学麦迪逊分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#d...
 
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesVip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
the cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxthe cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptx
 
萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程
 
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
 
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
 
RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作
 
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Hifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightHifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun Tonight
 
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
 
(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一
 
existing product research b2 Sunderland Culture
existing product research b2 Sunderland Cultureexisting product research b2 Sunderland Culture
existing product research b2 Sunderland Culture
 
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
 
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Serviceyoung call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
 
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作
Erfurt FH学位证,埃尔福特应用技术大学毕业证书1:1制作
 
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
 
young call girls in Khanpur,🔝 9953056974 🔝 escort Service
young call girls in Khanpur,🔝 9953056974 🔝 escort Serviceyoung call girls in Khanpur,🔝 9953056974 🔝 escort Service
young call girls in Khanpur,🔝 9953056974 🔝 escort Service
 

Hitcon badge 2018

  • 1. Hitcon Badge 2018 MEDIATEK 黃偉峻 MEDIATEK 李倫銓 1
  • 2. Guidline • Hardware overview • Subsystems • ETH Transaction • HD Wallet - BIP32,39,44 • Secure Element with Wallet • Manufacture • Documents 2
  • 4. MT7697 WiFi/BLE Soc SLE97 2.13” e-Paper Button Array CP2102N USB to UART 3V to 3.3V Step-up 5V to 3.3V LDO PN532 NFC controller SPI bus I2C bus Interrupt Analog UART USB 5V 3.3V 3.3V Special buttons Digital Hardware Diagram 4
  • 5. MT7697 • 192 MHz Cortex-M4F • WiFi 802.11b/g/n & BLE SoC • 352KB Ram / External SPI flash • 64KB Bootloader Rom • UART/SPI/I2C • Crypto-engine 5
  • 6. Linkit 7697 • Arduino Support • Wrtnode’s module with 4MB Flash • MTK Official Support Platform • With Auto-Switch to load Firmware • Arduino IDE Setup: https://docs.labs.mediatek.com/resour ce/linkit7697- arduino/en/environment-setup/setup- arduino-ide 6
  • 7. Hitcon Badge‘s Arduino Package 官方的版本有幾個狀況需要修改,所以直接Fork一版出來 Package:https://raw.githubusercontent.com/will127534/HITCON-Badge- 2018/master/Software/Arduino_packages/package_hitcon_badge_index.json 修正改的內容: 1.RTOS Tickless Sleep 移除了,多虧Android的Active Scanning 2.BLE MTU Size 3.Analog Read和Sleep的Bug 4.關閉Wifi 5.加入Secure Element+電子紙的Library 7
  • 8. Waveshare 2.13” Black and White e-paper • GDE0213B1 - Support Partial Update – takes only 0.2s 8
  • 9. PN532 – NFC controller • Not used, 時間來不及 • 天線形狀比較特殊,電路需要 調整阻抗匹配 NFC 天線! 9
  • 11. PN532 – NFC controller 11
  • 12. Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 12
  • 13. Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 13.4K 歐姆 13
  • 14. Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 11.4K 歐姆 14
  • 15. Button Array • MT7697沒有多的Digital pin了QQ • Solution: Analog Button Array 3.3V Output 9.4K 歐姆 15
  • 16. Button Array • 需要精確的電壓和電阻 • 但是Badge上面有兩個供電,電壓升壓和USB降壓 ➔透過使用者一定會按到的按鈕自動校正電壓 Button ENTER + Button 6, 這兩個按下去之後會校正輸入的電壓 16
  • 18. Misc. • 正面的Power LED燈預設斷路以減少耗電量 • USB 轉 UART 和其他供電有做隔離,避免CP2102N消耗電池 • Battery有做防反接的保護 18
  • 19. Secure Element • SLE97 – From Infineon, Software from IKV • ARM® SecurCore™ SC300™ • Crypto processor • ISO 7816 interface • SPI interface CC EAL5+ high ! 19
  • 20. Hitcon Badge 2018 Hardware overview NFC 天線 電子紙 Button Array Battery Switch NFC EPD MT7697 Module Secure Element 20
  • 21. Wallet – Cryptocurrency Hash Sign Transaction Data Transaction Hash Transaction Signature 21
  • 22. Wallet – Cryptocurrency: BTC • 對比特幣來說,每一筆交易 完成後,餘額會匯到新的錢 包 錢包需要管理一堆Private Key ➔Private Key 管理問題 Solution: Deterministic Wallet 50 BTC 10 BTC 40 BTC 交易 A A B 22
  • 23. HD Wallet – BIP32,39,44 Overview Root Seed Mnemonic Code HMAC-SHA512 Right 256bit Master Chain Code Left 256bit Private Key m Child Key m/0 Child ID Child Chain code ……. Child Key m/2 Child ID Child Chain code Child Key m/1 Child ID Child Chain code Grandchildren Keys m/0/0~2^32 Grandchildren Keys m/1/0~2^32 Grandchildren Keys m/2/0~2^32 BIP39 BIP32 BIP44 ……. 23
  • 24. Child key derivation Parent Private or Public Key HMAC-SHA512 Left 256bits Right 256bitsParent Chain Code index number Child Private Key Child Chain Code Key Data https://github.com/bitcoin/bips/blob/master/bip- 0032.mediawiki Hardened 24
  • 25. BIP39 - Mnemonic Code • 由於Root Seed 不方便人類抄寫,所以透過2048個字的組合定義一 個Coding 方式 • 2048個字➔ 每個字代表11byte Word List: Abandon 0x01 Ability 0x02 Able 0x03 About 0x04 . . . https://github.com/bitcoin/bips/blob/master/bip- 0039.mediawiki Root Seed (128~256bit multiple of 32bit) ……. 11bit 11bit 11bit 11bit ……. Mnemonic Words First Seed Length/32 bit of SHA256(Root Seed) 25
  • 26. BIP39 - Mnemonic Code https://github.com/bitcoin/bips/blob/master/bip- 0039.mediawiki Root Seed Length Checksum Length Total Length Word Length 128 Bits 4 Bits 132 Bits 12 Words 160 Bits 5 Bits 165 Bits 15 Words 192 Bits 6 Bits 198 Bits 18 Words 224 Bits 7 Bits 231 Bits 21 Words 256 Bits 8 Bits 264 Bits 24 Words Badge預設值 26
  • 27. BIP 44 – Meaningful structure m / purpose' / coin_type' / account' / change / address_index • Purpose ➔ 固定 44’ • Coin type • Bitcoin ➔ 0’ • Eth ➔ 60’ • Account • Change • 0 for External chain ➔收款/付款用 • 1 for internal chain ➔ 內部處裡用 • Address index • Badge預設: m/44’/60’/0’/0/0 Tool:https://coinomi.com/recovery-phrase-tool.html 27
  • 28. BIP 44 – Meaningful structure m / purpose' / coin_type' / account' / change / address_index • Purpose ➔ 固定 44’ • Coin type • Bitcoin ➔ 0’ • Eth ➔ 60’ • Account • Change • 0 for External chain • 1 for internal chain • Address index • Badge預設: m/44’/60’/0’/0/0 Tool:https://coinomi.com/recovery-phrase-tool.html Hardened key 28
  • 29. 乙太幣交易 • To Who • 交易對方的Address • 20byte • How much • 金額 單位為wei • Uint256_t • Gas Price • 手續費 單位為wei • Uint256_t • Gas Limit • 運算數量 • Uint256_t • Nonce • 交易筆數 • Data RLP encoder keccak256 Secp256k1 橢圓曲線 Transaction Data Transaction Hash Transaction Signature Recursive Length Prefix Encoder for variable length binary data 29
  • 30. 乙太幣交易 • To Who • 交易對方的Address • 20byte • How much • 金額 單位為wei • Uint256_t • Gas Price • 手續費 單位為wei • Uint256_t • Gas Limit • 運算數量 • Uint256_t • Nonce • 交易筆數 • Data • Transaction Signature RLP encoder Broadcast Transaction data https://steemit.com/ethereum/@n-ur/behind-the-scene-on- how-myetherwallet-works-simple-illustration 30
  • 31. Smart Contract : Program on ETH • Smart Contract: 類似一種部屬在乙太幣網路的一段程式碼 • 藉由交易來傳遞/運算資料 • 一旦交易的對象是Smart Contract,Data會傳遞到對應的程式執行 31
  • 32. ERC20 – define Interface (Application Binary Interface) • TotalSupply • BalanceOf (address _owner) • transfer(address _to, uint256 _value) • transferFrom(address _from, address _to, uint256 _value) • approve(address _spender, uint256 _value) • allowance (address *_owner*, address *_spender*) 32
  • 33. • Contract Address • How much meaning less • Gas Price • Gas Limit • Nonce • Data 怎麼交易ERC20? • 對於錢包來說,ERC20只是帶有Data的交易 • 能夠塞Data就代表能支援ERC20,只是不一定有辦法顯示相對應 的交易資料 • To Who • How much • Gas Price • Gas Limit • Nonce • Data • Contract Method • Contract Data 33
  • 34. ERC20 Data format • Contract Method – 4 Byte ➔ Hashed Application Binary Interface • Contract Data – Depend on function • EX: transfer(address _to, uint256 _value) 4 Byte 32 Byte 32 Byte Data 34Detail: https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI
  • 35. ERC20 Data format • Example: 要轉 1 個 Hitcon Token給我的話 • transfer(0x4bf5193805a4fd033b84b5bb700bf2a2aaae6a7d, 0xDE0B6B3A7640000) • “transfer(address,uint256)” ➔SHA3➔ a9059cbb2ab09eb219583f4a59a5d0623ade346d962bcd4e46b11da047c9049b • Address ➔ Append to 32Bytes 0x0000000000000000000000004bf5193805a4fd033b84b5bb700bf2a2aaae6a7d • Value ➔ Append to 32Bytes 0x000000000000000000000000000000000000000000000000de0b6b3a7640000 ➔Data:0xa9059cbb0000000000000000000000004bf5193805a4fd033b84b5bb700bf 2a2aaae6a7d0000000000000000000000000000000000000000000000000de0b6b3a 7640000 35
  • 36. Secure Element – Why? 雖然錢包可以透過軟體實作,但是容易造成Master Key被偷 ➔冷錢包,透過一個專門的硬體去存放/使用Master Key • 但是即使是冷錢包,實作方式主要分成兩類 • MCU Ex:TREZOR • Secure Element + MCU Ex:Ledger Wallet 36
  • 37. Secure Element – Why? TREZOR ➔ 透過MCU實作 通常絕大多數的MCU都難以抵抗Side-channel攻擊,所以較為容 易被破解 Ex: https://jochen-hoenicke.de/trezor-power-analysis/ P.S 已經Fix了 37
  • 38. Secure Element – Why? https://jochen-hoenicke.de/trezor-power-analysis/ 38
  • 39. Secure Element – Why? 而Secure Element最主要的目的就在於如何防止 Side-channel IC廠商會加上不同的Anti-tampering方法 常見於信用卡/SIM卡等晶片上 39
  • 40. Secure Element - Usage SPI Driver Secure Element Driver Wallet Application Transaction Application RLP encoder + keccak256 Init Wallet/Create Account/… ADPU cmd process MT7697 SPI Driver Software SPI Driver 40
  • 41. Secure Element - State Init No Host Disconnect Normal Perso Perso? Bind Reg BackToNoHost -with pin code Bind Login BackToInit – with Vender Key Bind Logout InitDevInfo 41
  • 42. Host Registration Host SE BindRegInit (UUID, Description, HASH) Handle, (OTP) Get UUID of the Host BindRegChlng (Handle) Challenge Calculate devKey from UUID & OTP Calculate Response of Challenge by devKey BindRegFinish (Handle, Response) HostId, Confirm Status Verify Response Store Host if Passed 42
  • 43. Host Login Host SE Get UUID and OTP from storage BindLoginChlng (HostId) Challenge Calculate devKey from UUID & OTP Calculate Response of Challenge by devKey Bind Login (HostId, Response) Status Words, 0x9000 if success Verify Response 43
  • 44. Device Key (devKey) Derivation UUID of Host 32 bytes OTP from SE 6 bytes SHA256 devKey 32 bytes 44
  • 45. Challenge and Response Response of Host 16 bytes Challenge from SE 16 bytes AES256 devKey 32 bytes ECB mode, Non-Padding 45
  • 46. Encrypt Key and MAC Key • Encryption Key • Used for Data Encryption after Login • Mac Key • Used for Data HMAC-SHA256 Device Key 32 bytes “ENC” 3 bytes SHA256 Encryption Key 32 bytes “MAC” 3 bytes SHA256 Mac Key 32 bytes https://en.wikipedia.org/wiki/Hash-based_message_authentication_code Login Challenge 16 bytes Device Key 32 bytes Login Challenge 16 bytes 46
  • 47. HDW Management • Secure Element Handles BIP32 Path • m/BIP44/coin/Account/Change/Address • Badge預設: m/44'/60'/0'/0/0 • Secure Element Holds up to 5 accounts • External Address Pointer of each account (update to 2128 addresses) • Internal Address Pointer of each account (update to 2128 addresses) 47
  • 48. Cmd line Management • QueryAccountKey: Query Public Key for a specific Account/Key_ID Usage: QueryAccountKey [account] [key_id] • CreateAccount: Create a New Account for a specific cointype/account_id Usage: CreateAccount [cointype] [account_id] [Name] • QueryAccountInfo: Query a specific Account Info Usage: QueryAccountInfo [account_id] • CreateNextAddr: Generate a new key for a Specific Account Usage: CreateNextAddr [account_id] • Account ID:0~4 48
  • 49. Cmd line Management • SEState: Query Secure Element State • BindReg: Bind Register • BindLogin: Bind Login • BindLogout: Bind Logout • BackToNoHost: Back to NoHost state • BackToInit: Back to Init State • InitDevInfo: InitDeviceInfo and confirm • PINAuth: Auth Pin Code • InitWallet: Initialize Wallet from Mnemonic Words • QueryWalletInfo: Query Wallet Info • QueryAllAccount: Query All Account Info • QueryAccountKey: Query Public Key for a specific Account/Key_ID • CreateAccount: Create a New Account for a specific cointype/account_id • QueryAccountInfo: Query a specific Account Info • CreateNextAddr: Generate a new key for a Specific Account • Transaction: Generate a new Raw Transaction • Misc. • Voltage: Read Battery Voltage • ReinitBLE: Re-init BLE • AddVcard: Adding a Vcard • ResetHitconTokenDisplay: Reset Hitcon Token counter 49
  • 50. Cmd line Usage • USB to UART IC: CP2102N • Driver: Linux & Windows & Mac https://www.silabs.com/products/development-tools/software/usb-to- uart-bridge-vcp-drivers • Mac OSX 10.11 up: Apple Blocked kernel extension. • https://stackoverflow.com/questions/47109036/cp2102-device-is-not-listed-in- dev-on-macos-10-13 (Note: Answer 2) • Setting:115200 8N1 50
  • 52. HDW Management • Account Purpose: 2C 00 00 00 ➔ 44 • Account Cointype: 3C 00 00 00 ➔ 60 • Little endian 52
  • 54. Badge initialize + re-generate wallet Enter No-Host State First time initialize Bind Register Enter Discon. Back To Init & Init Bind Login, Set Pin Code and enter Normal State Generate/ Input Master Key Initialize Master Key Initialize Account m/44’/60’/0’ Initialize address index 0 Read Public Key of address index 0 User Request for re-generate 54
  • 55. Secure Element - State Init No Host Disconnect Normal Perso Perso? Bind Reg BackToNoHost -with pin code Bind Login BackToInit – with Vender Key Bind Logout InitDevInfo 55
  • 56. Badge startup wallet Read Status Reg Bind Login Calc ETH Address Read Public Key of m/44’/60’/0 /0/0 0x06 0x07 other Init Wallet Read Version If bootloader mode, jump 56
  • 57. Wallet Address BLE AES Key QR-Code 格式: Hitcon://pair?v=版本數 &a=錢包Address &k=AES Key &s=ServiceUUID &c=Characteristic前四個Byte[6] 初始化的時候, Badge會將生成好的Public Address和BLE Key打包成一 個網址顯示在QR Code上面 BLE 各charastic UUID前4byte Example: hitcon://pair? v=18& a=808c2257d778e5f1340d9325116f5a7273b33f5d& k=09626aa096254e8a8ce871bfd7b8895c& s=1cbfbb33-ffc7-c966-77f9-311c6ba9e425& c=26ccce12e2c66a0b72c50cca509dbfc1275074f57e7c5668 BLE Service UUID Hitcon Badge 2018 – BLE Initialize + Re-paring 57
  • 58. 為了避免濫發交易訊息,UUID是綁定時隨機產生的 QR Code會寫Characteristic UUID的前4個Byte,後面的UUID與Service相同 QR code的Characteristic順序如下: Hitcon Badge 2018 – BLE UUIDs Transaction, Txn, AddERC20, Balance, General Purpose Cmd, General Purpose Data 58 EX: [init_BLE] LFLASH_Saved_UUID: ServiceUUID: 8b15cb6c-0dfd-553a-9302-3cdcded12f56 Transaction_UUID: bbf16eb7-0dfd-553a-9302-3cdcded12f56 Txn_UUID: d754e76e-0dfd-553a-9302-3cdcded12f56 AddERC20_UUID: 448821bb-0dfd-553a-9302-3cdcded12f56 Balance_UUID: 19aceb1f-0dfd-553a-9302-3cdcded12f56 General_CMD_UUID: 8a2c0cd1-0dfd-553a-9302-3cdcded12f56 General_Data_UUID: 4ff47ce6-0dfd-553a-9302-3cdcded12f56
  • 59. QR-Code generate User Request for Re-paring or First time config Reset Wait for connection Main Menu MT7697沒辦法 on-flight 修改BLE, 所以必須Reset一次 Hitcon Badge 2018 – BLE Initialize + Re-paring 59
  • 60. AES encryption + Encoding Raw Data AES encryption 16Byte Random IV Encrypted Data Encrypted Data 16Byte Random IV Payload Append to 128 Byte Encoding Format: Header1(uint8_t) length1(uint8_t) Data1[len] Header2(uint8_t) length2(uint8_t) Data2[len] Header3(uint8_t) length3(uint8_t) Data3[len] 60
  • 61. Transaction 1.To Address 2.Value 3.Gas Price 4.Gas limit 5.Noice 6.Data AES encryption + Encode Write to Transaction Characteristic Badge notify Txn Gatt 61 ERC20的Data帶進去 Badge會Parsing這部 分的Data顯示出來
  • 62. Update Balance or ERC20 Balance Value Write to Balance Characteristic 1.Address 2.Value Encoding Format: 0x01 0x14 ADDRESS 0x02 0x08 Value(Double) AES encryption + Encode 62 Badge 並不會知道Balance是否正確!
  • 65. 靈感來源 Hacker Warehouse Electronic Badge https://hackerwarehouse.com/product/hacker-warehouse- electronic-badge/ https://wiki.sha2017.org/w/Projects:Badge SHACamp 2017 badge 65
  • 75. 後記 – 生產線- Team Work 75
  • 76. 後記 – 生產線- Team Work 76
  • 77. 後記 – 生產線- Team Work 77
  • 79. 資料 • Hardware 和 Badge Software 都是 Open-Sourced • Github: https://github.com/will127534/HITCON-Badge-2018/ • Android: https://github.com/johnny5581/HitconWalletJava • Big Thanks to @Nagi @WizTonE @Aaron Luo for the Android App • Hitcon Badge 2018 Arduino Boards support package: https://raw.githubusercontent.com/will127534/HITCON-Badge- 2018/master/Software/Arduino_packages/package_hitcon_badge_ind ex.json • Linkit 7697: https://labs.mediatek.com/zh-tw/chipset/MT7697 79